Due to the proliferation of electronically available services, many of which involve financial or personal information, the number of username and password combinations for individual users are increasing daily. Moreover many online sites now require users to create accounts and provide log-in credentials in order to access less sensitive information, such as daily news, sale information, or a horoscope. As a result, users tend to resort to choosing the same username and password for multiple accounts. This approach lowers the security and strength of a username/password combination because breaking one account on a service could lead to unauthorized access to other accounts. There is a high cost of having online accounts broken into, yet it is difficult and inconvenient for some users to create and efficiently maintain different usernames and passwords for multiple accounts.
Additionally, the theft of users' online authentication information, such as usernames, password, answers to security challenge questions or other identifying information, by a Trojan horse virus or application is a common security problem. One of the most common mechanisms for a Trojan virus to steal a user's authentication information is through the use of keystroke logging. Common counter measures for anti-key logging techniques include applications to prevent password stealing through the use of one-time passwords (OTP), on-screen keyboards, keystroke interference, as well as other non-technological methods to confuse the Trojan key logger. These techniques provide different levels of protection. However, they generally rely on at least one pre-established shared secret between the user and the website, or actions that may result in an undesirable user experience. These techniques also fail to counteract the Trojan viruses designed to capture password by ways other than keystroke logging, such as by intercepting a password transmitted to a website.